Systems and methods for conditional access and digital rights management

ABSTRACT

Conditional access (CA) and digital rights management (DRM) in digital media delivery, processing, and storage systems. Methods and apparatuses are provided for managing digital rights under the protection of multiple CA and/or DRM systems. Some embodiments provide secure and robust methods for bridging multiple DRM systems in the digital media content distribution and playback systems. The present invention simplifies content repurposing, after it has been bridged to a secondary DRM system, but still under the control of the original DRM system.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention generally relates to digital media delivery andmanagement systems. More particularly, the present invention pertains tosystems for digital rights management.

2. Description of the Related Art

Digital media usually refers to some form of electronic media that canbe manipulated by digital processing systems in one way or another.Unlike analog media, digital media is typically transmitted, stored,and/or processed in digital forms, e.g., in binary formats.

Use of digital media has been gaining popularity over the last fewdecades partly due to their technical advantages over the analogcounterpart, such as robustness over noise, and partly due to the wideavailability of various digital information processing systems such aspersonal computers and CD or DVD players. Digital media are generallyeasier to process and/or manage and they are often considered to havehigher perceptual qualities. Digital broadcasting has also beengradually gaining momentum in the cable and satellite television orradio industries. Moreover, terrestrial digital television (DTV)broadcasting has been tentatively scheduled to supersede analogtelevision by early 2009 in the United States.

The better processing capability of digital media is, however, also oneof the downsides of using digital media. For example, digital media, ormore precisely digital data associated with digital media, can bereproduced indefinitely without any loss of quality, often with no orvery little cost. Furthermore, it can be easily altered or modified orcopied in part or in whole without any accountability. This has been ahindrance to wide-scale adoption of digital media in many potentialapplication areas. This is especially true for copyrighted media, ormedia that otherwise need to be protected for transmission, access, orreproduction. In many cases, the user needs special rights orpermissions in order to be able to perform certain tasks or operationsassociated with a digital media. This is often referred as digitalrights. The term digital rights sometimes refers to legal rightsassociated with the digital media. It sometimes refers to technicalrights or capabilities, and it may not necessarily coincide with therights' holder's legal rights.

A digital rights management (DRM) system manages digital rights and alsorights of other types of media. Many digital media publishers andvendors use DRM systems to protect copyrighted or otherwiseaccess-controlled materials. Typical DRM systems use various technicalmeasures to identify, describe, analyze, valuate, trade, monitor, andtrack digital rights. For example, DRM systems often use copy protectionmeasures to control and/or restrict the use and access of digital mediacontent. In the commercial context, DRM provides a method to control anyduplication and dissemination of digital media so that appropriate feescan be collected, for example, for each copy or for each performance ofthe media content.

A typical DRM system uses encryption and decryption software for thispurpose along with other software or hardware based security measures.For example, HD DVD and Blue-ray movies are encrypted, or scrambled,using Advanced Access Content System (AACS). The data on the medium isencrypted, in addition to being compressed or encoded in MPEG-4 format,and it may only be decrypted and viewed using one or more validdecryption keys. In a typical DRM scheme, a DRM server wraps the digitalcontent through encryption according to applicable policies.

Once the digital media is delivered, a DRM client unwraps the contentand makes it accessible to the user in accordance with his or herrights. DRM clients may include desktop PCs, handhold devices, set-topboxes, mobile phones and other portable devices as well as otherdedicated digital media players (e.g., for music, movies, etc.) andtelevision and radio sets. The digital rights are typically distributedto clients separately from the wrapped media content. They can bedistributed at the time of the content distribution, or they can bedynamically accessed later when needed, for example, at the time ofstorage or playback.

In the cable industry, and in other related industries such as satellitebroadcasting, media is protected by conditional access (CA) systems. CArefers to a technique for limiting the access of protected content toauthorized users. In a typical CA system such as those used in the cabletelevision industry, the scrambled media content is delivered along witha decryption key called a control word (CW). The control word isembedded in an encrypted message called ECM (entitlement controlmessage), which can be decrypted using another key called a service key(SK). The service key is delivered to the user in a different messagecalled EMM (entitlement management message), and it may be decryptedusing a user-specific decryption key, or user key (UK), which istypically associated with a client device, either at hardware orfirmware level, such as a “smartcard”. The lifetime of each key variesdepending on the purpose, and it varies from application to application.Typically, the lifetime of CW is much shorter (on the order of 0.1second for live video stream) than that of SK, which is, for example, onthe order of a month or so for a subscription channel in the cabletelevision. SK and CW can also be associated with a particular media,for example, a movie title for pay-per-view. The UK is usuallypermanent, but can be replaced by providing a new smartcard to the user.Typical CA systems also have the ability to “revoke” UKs fromunauthorized devices. It should be noted that a CW is not generally userspecific. Using the (subscriber-specific) SK, the system can securelybroadcast other common information, such as the CWs or the mediacontent, to subscribers simultaneously without having to broadcast adifferent program for each of the subscribers.

The digital media content (e.g., video and audio signals) of oneprogram, typically in the MPEG-2 or MPEG-4 format in the case of cabletelevision, is sometimes multiplexed together with those of otherprograms for transmission so that multiple programs appear to betransmitted simultaneously. A CA system scrambles the digital form ofprograms and transmits the entitlement control messages and theentitlement management messages with the digital form of programs forbroadcast either within the multiplex (e.g., for satellite) or throughan out-of-band channel (e.g., for cable).

Content encryption is typically done using symmetric key cryptography,while key encryption is typically done using public key/private keycryptography. In symmetric key cryptography, the same or essentiallyequivalent keys are used to both encrypt and decrypt the data. In theasymmetric or public key cryptography, different but related keys areused to encrypt and decrypt the data. Public keys may be derived fromthe corresponding private keys in certain cryptographic schemes, but notvice versa. In general, encryption/decryption schemes based on symmetrickey cryptography are less expensive than those using asymmetric keycryptography in terms of computational requirements.

Typically, a client device such as a set-top box (STB) at the receivingend descrambles the data stream and decodes the MPEG-2 data for viewing.A tuner portion of the STB receives the incoming signal, demodulates itand reconstitutes the transport stream, which contains multiple packetsof information. The set-top box can de-multiplex the entitlementmanagement messages and entitlement control messages and the mediacontent. The data (e.g., service key and control word) contained in theentitlement management message and entitlement control message are usedto descramble the encrypted programming content. The set-top box thendecodes the MPEG data and renders the content for viewing.

FIG. 1 illustrates an overall “architecture” of an exemplary DRM/CAsystem in a block diagram form. The figure shows a virtual zone orrealm, all again within the same security system, associated with adigital management system or a conditional access server 101. DRMsystems may have their own servers. Or, alternatively, certain relatedCA servers may be used for various DRM purposes such as authenticatingclients. DRM systems may also manage the digital rights associated withdigital media through other methods. An example of this DRM system is anon-line movie distributor system. In this example, the DRM server 101typically resides across a network 102 such as cable network, satellitenetwork, wireless phone network, or the Internet, from a DRM clientdevice 103. When a digital media is delivered to the client 103, eitherfrom the DRM server 101 or from other digital media services, the clientfirst needs to get proper permission or entitlement before it can playor display the delivered content. The CA server 101 typically residesacross a network 102, such as cable network, satellite network, wirelessphone network, or the Internet, from a client device 103, which can be aCA Client or a Set-top Box. When a digital media is delivered to theclient 103, either from the DRM/CA server 101 or from other digitalmedia services, the client first needs to get proper permission orentitlement before it can play or display the delivered content. Thepermission is often delivered as ECMs (e.g., in cable televisiontransmission) as stated earlier. In typical real-time digital mediadelivery systems such as cable television, the required ECMs aresimultaneously delivered along with the digital media content. In theexample shown in FIG. 1, the DRM/CA server 101 is responsible forvarious DRM/CA-related tasks and it provides necessary support to theauthenticated client 103 for accessing digital media content which theclient is entitled to. The client can play the media on a display 105 inreal time and/or store it for later viewing. The figure shows a storageunit 104 within the DRM realm associated with the client. It may be apart of the client device 103 in some cases. The digital media istypically stored in the storage unit in an encrypted/scrambled form, orin an otherwise protected form. In this example, the DRM system isresponsible for protecting the stored digital media. In order for aclient device such as a media player to have access to the content ofthe stored media, it needs to have proper permission, which is providedby the DRM/CA system in case the client is legitimately entitled tocertain operations on the digital media.

FIG. 2 illustrates various message or data types used in certainimplementations of conditional access (CA) schemes. In particular, thefigure shows an entitlement management message (EMM) 134, an entitlementcontrol message (ECM) 140, and a scrambled content 146, along withvarious encryption/decryption keys, which are typically used in CAsystems in the cable television industry. A client device (not shown inthe figure) typically contains a security device 130 associated with aCA server (not shown), and the security device has a unique user key(UK) 132 to represent a subscriber. The security device 130 may be asmartcard. The user key 132 can be used to decrypt the entitlementmanagement message (EMM) 134, which has the encrypted service key (SK)138. The client, or the security device 130, performs the EMM decryption136 using the user key 132 to recover the service key 138. Theentitlement control message (ECM) 140, on the other hand, contains anencrypted control word (CW) 144. In typical operations, the client, orthe embedded security device 130, further performs the ECM decryption142 using the service key 138 to recover the control word 144. Thescrambled content 146, that is, the digital media content encrypted withCW 144, can then be descrambled using the control word to generate theclear content 150. Typically, the CA server provides the control word toan authorized client to descramble the content, at 148. The descrambled,or clear, digital media content 150 can be either played on the clientdevice or re-encrypted for further processing or for (temporary orpermanent) storage. In many cases, however, the scrambled content 146can be recorded, sometimes along with the ECM 140, for later use and itis protected by a copy protection (CP) system, a DRM system, or adifferent CA system. The DRM system manages the rights according to theinformation in the EMMs and/or ECMs.

It should be noted that encryption and decryption keys are symbolicallyrepresented by locks and keys, respectively, in FIG. 2 and in otherdrawings throughout this disclosure. Even though these two differentsymbols are used for consistency whenever possible, it should beunderstood that, in symmetric key cryptography, the same or essentiallyequivalent keys are used for both encryption and decryption operationswhereas, in public key cryptography, encryption keys (i.e., locks) anddecryption keys (i.e., keys) are different and, in particular, it maynot be computationally feasible to derive decryption keys from thecorresponding encryption keys. As noted earlier, in digital mediadelivery and management, content scrambling (e.g., encryption of digitalmedia content) is typically done using (generally computationallycheaper) symmetric key cryptography, while key encryption (e.g.,encryption of service keys) is typically done using (generally easier toexchange) public key cryptography.

Although FIG. 2 shows a particular encryption/decryption arrangement ofa CA system, it is understood that different arrangements can be used aswell. In general, the entitlement management messages are unicast toindividual devices to individually authorize entitlement and theentitlement control messages are typically broadcast to all devices toglobally provide the information to retrieve the content key fordescrambling the broadcast stream. A service key represents theentitlement recovered from the entitlement management message and acontrol word represents the key recovered from the entitlement controlmessage for descrambling the media content. The descrambler of a digitaltelevision system uses standard algorithms, e.g., Common Scrambling forDigital Video Broadcasting (DVB-CSA) and Digital Encryption Standard(DES) for Advanced Television Systems Committee (ATSC) standard(conditional access system for terrestrial broadcast). The descrambler(e.g., 148 in FIG. 2) can be conveniently placed on any of the variouscomponents (e.g., a bridge, a renderer, or a storage system) in a clientdevice.

With respect to FIGS. 3A and 3B, exemplary scenarios are illustrated inwhich digital media content is delivered and protected by a CA serverand/or a DRM system. In FIG. 3A, an access control device 172, which istypically a part of a client device (not shown in the figure), has auser key 174 to decrypt the entitlement management message 176, whichcontains an encrypted service key (SK), which in turn is used to decryptthe entitlement control message 178. ECM 178 contains the encryptedcontrol word (CW). The scrambled content 180, which is encrypted by thecontrol word, is then decrypted by the client device. The access controlunit 172, or any component associated with the client device, with theappropriate rights descrambles the protected content 182 using thecontrol word 184 and provides the content 186 to the user. The contentcan either be re-scrambled and stored in a storage device for laterviewing or it can be provided for real time use. The client device maydirectly record the original CA protected content (e.g., as illustratedin FIG. 3A), or record the content with substitutive CA/DRM protection(e.g., encrypting with replacement entitlement control messages, orrescrambling using different control words, etc.).

In the scenario shown in FIG. 3B, the recovered control word 210 isprotected by a DRM system (symbolically represented by a cryptographickey 208 in the figure). In this example, only a certain CA/DRM client,e.g., an access control device 202 with a user key 204, which hasappropriate rights (e.g., having access to the decryption key 208) candescramble the DRM protected CW 206 to get the CW 210. Then thedecrypted control word 210 is used to descramble the delivered or storedmedia content 212 to obtain clear the content 214.

In typical conditional access of a primary security system (e.g.,digital TV or satellite TV), the control word, which is a global key,needs to change frequently (e.g., once every 0.1 second) to avoidkey-sharing attack. However, to locally protect the recorded and storedcontent with a DRM system, a control word that is unique to the accesscontrol device does not need to change as frequently. For example, anentire recorded movie may be rescrambled using only one control word. Itshould be noted that different CA systems and DRM systems may haveentirely different implementations of EMMs and ECMs but have similar orsame descramblers for content protection (e.g., according to the ATSCStandard).

Multiple digital rights management systems can be used for protection ofdigital media, e.g., at the same time or alternately depending on thecontexts. For example, the digital media owners such as movie studiosand media delivery services such as cable companies might utilizedifferent and separate DRM systems for the same digital media, or fordifferent parts of the same media. Similarly, the same cable televisioncompany (e.g. Comcast Corp. of Philadelphia, Pa.) may use different CAsystems for different contexts or for different domains. Digital rightsmanagement can also be implemented in a hierarchical fashion or inmultiple domains. This is illustrated in FIG. 4A where different DRM(254, 258, 260) or CA (262) systems can also be involved for protectionof digital media at different stages of their delivery, processing,playing, and storage processes. For example, FIG. 4A shows an exemplarycontext where multiple CA and/or DRM systems are employed duringdelivery of digital media. The media is delivered from a CA server 262to a client (e.g., a storage unit 278 in the figure), and it isinitially protected by the same CA server in this example. Thebroken-line box 252 represents this “virtual domain” or zone in whichthe CA server 262 is responsible for enforcing proper access rulesregarding the digital media. The figure shows three more virtual DRMdomains, 254, 258, and 260, each of which is under the protection of aDRM system (not explicitly shown in the figure). When the digital mediais passed from one DRM system to another DRM system, the media content(and its associated keys) may be descrambled/decrypted using the keysfrom one DRM system and rescrambled/encrypted using the keys from thenext DRM system. In the example illustrated in FIG. 4A, the media underthe protection of CA server 262 is descrambled, 264, and scrambledagain, 266, in the DRM system 254. The media is then passed to the nextDRM system 258, through descrambling 268 by DRM system 254 andscrambling 272 by DRM system 258, and again to the next DRM system 260,through descrambling 274 by DRM system 258 and scrambling 276 by DRMsystem 278. In this example, the scrambled digital media content isstored, 278, e.g., in a client device, and the last DRM system 260 isresponsible for protecting the stored digital media. The DRM systemscloser to the source of the digital media are typically more “global”than the ones closer to the sink or the client. In other words, the DRMsystem 258 of the figure, for example, is more “local” than the DRMsystem 254. Generally, there is a one-to-many relationship between aglobal or upstream DRM system and a local or downstream DRM system. Itshould be noted that, in this particular example, whenever the digitalmedia passes the DRM system boundaries, the media is exposed in clearforms, with the control passed completely from the previous DRM to thenext DRM. For example, at a point labeled 270 in FIG. 4A, the media(and/or any associated security keys) has been descrambled by DRM system254, thus DRM system 254 loses control over the media content. The mediais then scrambled by the next DRM system 258, thus comes under controlof this DRM system 258. This can be a potentially vulnerable point in abusiness model involving multiple DRM systems such as the one shown inthe figure where the original owner of the media passes the mediacontrol completely to other DRM systems.

This vulnerability can be protected by various bridge protectionschemes, where an exemplary is schematically illustrated in FIG. 4B,where two different DRM domains 232, and 234 are shown. In the figurethe media is shown in different stages of protection (Encryption A,Encryption B and Encryption C) and the decryption and re-encryptionprocesses are not shown. In this particular example, in the first stage(Encryption A) the digital media delivered from across the network 236may first be protected by the DRM system 232. In the second stage(Encryption B) the digital media may be protected by both DRM systems232 and 234. In the third stage (Encryption C) the digital media may beprotected only by the second DRM system 234. For example, the first DRMsystem 232 may be managed by a cable company and the second DRM system234 may be managed by a movie studio. In order for a user to play thedelivered content, he or she may need to get proper access permissionfrom either system, or from both systems, depending on theimplementation. In general, there may be multiple content distributors,multiple content owners, and/or multiple content players of the samedigital media, each of which may have its own DRM or CA system.

Some DRM systems can store content that are still protected by theoperator CA system. In this mode, ready access to CA servers may berequired to access protected digital media. For example, when thedigital media is stored in a user's device, in order to play the storedmedia the user may need to obtain an access grant from the correspondingCA server, e.g., as a form of an ECM. The associated ECM, or a CWcontained in the ECM, may also be downloaded at the time when the mediacontent is delivered.

In some cases, a CA server may provide entitlement valid only atplayback time. For example, the system can allow the user to record(scrambled) programs that the user is not entitled to use at the time ofrecording. After the user obtains the required rights (e.g., throughpurchase of pay-per-view service, or by upgrading a subscriptionpackage, etc.), the user can then play back the recorded information atlater convenient time. As stated earlier, the descrambled content and/ordecrypted keys may be rescrambled/encrypted using a different scheme,such as the one based on a DRM system, before it is stored in a storagedevice.

Further information about bridge protection system can be found in U.S.patent application Ser. No. 11/446,427, filed on Jun. 2, 2006 whichapplication is incorporated herein by reference. The bridge protectionschemes create certain problems for the end clients of the DRM system onhow the inner DRM system will deal with the original DRM protectionafter the bridging has occurred. For example, a CA media under the CArules may be stored in a client of a DRM system. The client normally hasa subscription agreement with the DRM system, but typically does notdeal directly with CA system, and therefore would have difficulty inchanging the CA rules under the DRM system. For example, the contentprotected by the CA system may be restricted by the CA system's accessrules so that it can be played for a limited period of time (e.g. onlyfor one week) or may be played back only once or twice. The user may beforced, in this case to “upgrade” the service from the CA system toobtain greater access rights, but the user's (e.g. client) system is aDRM system which may not have all the necessary keys, etc. to obtain theupgrade.

SUMMARY OF THE DESCRIPTION

The present invention pertains, in general, to methods and apparatusesfor conditional access (CA) and digital rights management (DRM) indigital media delivery and management systems. According to anembodiment, systems and methods for conditional access and copyprotection in multiple DRM and/or CA domains are provided. According toanother embodiment, methods and apparatuses are provided for managingmultiple DRM domains in the presence of one or more CA servers. Someembodiments provide methods and apparatuses for bridging multiple DRMsystems, for bridging multiple CA systems, or for bridging a CA systemand a DRM system, in the digital media content distribution systems.Some embodiments of the present invention also provide systems, methods,and apparatuses for managing digital rights in multiple DRM domains inthe digital media content delivery and storage systems. Embodiments ofthe present invention may simplify digital media content delivery,conditional access, and digital rights management and provide for theability to “upgrade” service from a first CA or DRM system after contenthas passed through a bridge and is now controlled by a second CA or DRMsystem.

According to an embodiment, a method is provided for a downstream DRMclient to obtain new rights or license from an upgrade server for adigital media content previously acquired from a DRM bridge. The DRMbridge typically includes an original DRM client and a secondary DRMserver; it receives media content from the original DRM system andadapts it to the secondary DRM system (e.g. from a secondary DRM serverto a secondary DRM client). The rights and license translation in thebridge is performed in such a manner that a remote DRM upgrade server ofthe secondary DRM system, which has not been involved in the originaltranslation can later issue a new or upgraded license for the samedigital media content. The stored media content may be protected byencryption such as, for example, encryption with a control word, whichalso can be encrypted with a service key. An exemplary method comprisesthe secondary DRM upgrade server contacting the original DRM system toget authorized to issue new rights or license, and to use the receivinginformation to upgrade or issue new rights or license to a previouslyacquired media. The communication between the original DRM and thesecondary DRM systems may or may not follow the path of the mediacontent, e.g. passing through the bridge. The original DRM system can bethe server that sent the media content across the bridge or can beanother server, e.g. a billing server or an upgrade server for theoriginal DRM system. And the upgrade server of the secondary DRM systemcan be the DRM server that originally issues the license (i.e. thebridge), or another independent DRM server.

In certain embodiments, the client from the secondary DRM system sends arequest to the secondary DRM server to get a new license. The secondaryDRM server then communicates with the original DRM system to get anauthorization to issue new rights and then it transfers the response tothe secondary DRM client. The response provides new rights or licensefor previously acquired media content, to enable the secondary DRMclient to access the media according to its request. In some cases, thecommunication between the secondary DRM server and the original DRMsystem passes through the original DRM client, thus using the bridge(original DRM client/secondary DRM server bridge) to transmitinformation. The original DRM client then can communicate with theoriginal DRM server.

In certain embodiments, the secondary DRM server contacts an upgradeserver of the secondary DRM system prior to issuing a new license. Insome cases, the communication between the secondary DRM server and theupgrade server passes through the original DRM client, thus using thebridge to transmit information. Communication with the upgrade servermay be through the original DRM client. The DRM upgrade server thencommunicates with the original DRM server, or an original DRM billingserver to receive a response.

In certain embodiments, the client from the secondary DRM system sends arequest to an upgrade server of the secondary DRM system to get a newlicense. The upgrade server is typically available online to the DRMclient, and can communicate with the original DRM system to upgrade therights or license for the media content. The contacted original DRMsystem can be an original DRM billing system server, or the original DRMserver which sends the media content. The response from the upgradeserver can upgrade the media content license according to the client'srequest.

In at least one embodiment, systems and methods are provided formanaging digital rights associated with digital media which are underthe protection of multiple DRM systems, e.g. cascading bridges. Certainembodiments of the present invention also provide methods andapparatuses for bridging multiple DRM systems in the digital mediacontent distribution and storage systems. In some embodiments, variousmethods are used to upgrade rights or license to a media content betweena plurality of different DRM systems. The media content is stored in thesecondary DRM system, preferably in the secondary DRM client, with theinitial secondary DRM license from the DRM bridge.

According to some embodiments of the present invention, the followingoperations are performed: (a) Contacting, from a secondary digitalrights management system, to an original digital rights managementsystem to get authorized to issue a new license or rights for an alreadyacquired media content, (b) Upgrading the license or rights, by thesecondary digital rights management system with permission from theoriginal digital rights management system and this upgrading typicallyoccurs by transferring a response from the original digital rightsmanagement system to the secondary digital rights management system withregard to the license or rights. The operations according to certainembodiments address potential issues, such as enabling the original DRMto identify, from the secondary DRM system license, the owner and thetype of media content so that the original DRM system can properly logand authorize the transaction, and also to securely issue a new licensewithout requiring the original DRM system to re-issue the same mediacontent to the secondary DRM client. For example, the operationsaccording to certain embodiments provide a way to get the CA rules (orother DRM rules) from the original DRM system to the DRM client acrossthe bridge. The media can be originated from a CA system (the originalDRM system), where the subscriber and event information may be lost inthe bridging and not known to the secondary DRM client. Or the serviceor content key may not be readable by the server because it is encryptedfor use by only the secondary DRM client.

According to another embodiment of the present invention, a method isprovided for a secondary DRM system remote server to upgrade the rightsor license of a digital media content that were issued by a DRM bridge.The initial secondary DRM license may include additional information toallow the upgrade operation to be reconciled with the original DRMsystem. The method may comprise the following operations: (a) Sending arequest from a DRM client of the secondary DRM system to a secondary DRMserver for an upgrade right or license. In some embodiments, the upgraderequest goes to the secondary DRM server that originally issued thelicense (i.e. bridge). In other embodiments, the request is sent toanother independent secondary DRM server (b) Having the secondary DRMupdate server requesting authorization from the original DRM serverusing the additional information that have been added by the bridge,before completing the transaction. In some cases, when the secondary DRMupdate server is the DRM bridge, the request can be carried using theoriginal DRM server return path. In some other cases, when the secondaryDRM update server is a separate server, the request can be carried as abusiness to business transaction between two servers. (c) Uponauthorization from the original DRM server, having the secondary DRMupdate server extract the service or content key from the additionalinformation added by the bridge and generating a new license for thesecondary DRM client using the same content key but with new rights.

In one embodiment, when the secondary DRM server in a bridge creates theinitial secondary DRM license, it may add additional data (i.e. LicenseRenewal Data) to or next to the license for enabling a later update: (a)information that identifies the preferred secondary DRM update server(e.g. URL), (b) information that can be used by the original DRM serverto authorize the license update, including subscriber identification(e.g. subscriber ID), device identification (e.g. device ID), mediaidentification (e.g. event ID), targeted DRM client information (e.g.client ID) and schedule information (e.g. Timestamp), and (c)information that is required by the DRM update server to retrieve thecurrent service or content key of the media content. In one embodiment,a portion or the totality of the license renewal data is secured by thesecondary DRM system. In another embodiment, a portion or the totalityof the license renewal data is secured by the original DRM system. TheLicense Renewal Data may be required to be stored along with the mediacontent in the secondary DRM client, as part of the initial secondaryDRM license or next to the secondary DRM license. The association of theencrypted media content with the matching license can be made with a setof clear index numbers that are quasi-unique in the domain of thesecondary DRM system. In some embodiments, the information thatidentifies the preferred secondary DRM update server (e.g. URL) can alsoinclude all the other License Renewal data as arguments.

In some cases, the license update request from the secondary DRM clientmay require the original DRM server to directly or indirectlycommunicate to the secondary DRM client the multiple options availablefor the media content (i.e. further playback, unlimited persistence ofthe copy, burn to a DVD, . . . ) In some cases, the response isdelivered to the client through a communication path which is differentthan the path of the client's request.

In some cases, the license update request from the secondary DRM clientmay instruct the secondary DRM update server to issue a new license foranother device than the secondary DRM client. If the initial secondaryDRM license is obsolete or is caused to be no longer valid then thisoperation corresponds to a registered move, if the initial secondary DRMlicense still remains valid, then this operation results in a registeredcontent copy.

In some cases, the license update request from the secondary DRM clientmay instruct the secondary DRM update server to work with the DRM serverof a third DRM system to issue a license for a client of the third DRMsystem. This operation results in a registered content bridge.

Many benefits are achieved by way of the present invention overconventional techniques. For example, the present invention may providefor the original DRM server to be involved in all transactions relatedto the media content it originally released, even if one or morebridging operations between DRM systems have been performed. The presentinvention gives control and rights to the original DRM system even whenthe content has been moved to devices normally out of control of thatsystem. Typically, the originating DRM server does not need to be awareof particular details of how the downstream DRM servers are operated, itdoes not need to carry the certificates and revocation lists of thedownstream DRM systems required to authenticate and revoke thedownstream DRM clients, and it does not need to be approved, certifiedor comply with the robustness and compliance rules of the downstream DRMsystems. In some embodiments of the present invention, secure bridgingmay be accomplished even when relevant DRM systems use different contentscrambling schemes. Additionally, the invention may provide a process inwhich the media content is securely protected by at least one DRM systemduring bridging, e.g., by providing upgrading service for the content atthe source DRM system. Depending upon the embodiment, one or more ofthese benefits may be achieved. These and other benefits will bedescribed further throughout the present specification.

Therefore, as summarized herein, at least certain embodiments of thepresent invention provide, among other things, methods for performing aninverted DRM bridge operation where the initial secondary DRM license isrequired to be sent back to the original DRM server before beingmodified. Furthermore, some embodiments of the present invention allowfor multiple repurposing of bridged media content including but notlimited to, the ability to extend the playback rights, enable furthercopies to be made, export content to other devices and other DRMsystems. All these transactions are conditioned on the approval of theoriginal DRM server and as such guarantee the original rights owner tokeep control of its assets across heterogeneous DRM ecosystems. Forpurposes of this description, CA systems are considered a form of DRMsystems. It will be understood that the terms “upgrade” and “upgrading”include a change in a license or rights which may be considered adowngrade (e.g., the change restricts certain uses by a customer whoreduced their subscription fees). These and other embodiments, features,aspects, and advantages of the present invention will be apparent fromthe accompanying drawings and from the detailed description and appendedclaims that follow.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and notlimitation in the figures of the accompanying drawings, in which likereferences indicate similar elements and in which:

FIG. 1 shows an exemplary DRM environment in which digital media isdelivered and managed.

FIG. 2 illustrates various message types used in an exemplaryconditional access (CA) system. It shows an entitlement managementmessage (EMM), an entitlement control message (ECM), and a digital mediacontent scrambled (e.g. encrypted) with a control word (CW).

FIG. 3A illustrates an exemplary scenario for protecting the digitalmedia. The figure shows various pertinent messages including a servicekey (SK), a control word (CW), and scrambled digital media content.

FIG. 3B illustrates another exemplary scenario in which the digitalmedia is protected by a digital rights management (DRM) system.

FIG. 4A illustrates an exemplary context where more than two CA and/orDRM systems are employed to protect digital rights. The figure includesa CA server and three DRM systems.

FIG. 4B illustrates an exemplary context where multiple DRM domainsexist to protect the same digital media. The figure shows three DRMcontent stages protected by combinations of two DRM domains.

FIG. 5A is a schematic representation of two exemplary digital rightsmanagement (DRM) systems. The figure also shows the pertinent encryptionand decryption keys associated with each DRM system. The digital mediacontent is protected by either or both DRM systems in this example.

FIG. 5B-FIG. 5D illustrate exemplary contexts where two DRM/CA systemsare used to protect digital rights associated with digital media. Thebridge shown in the middle of each figure divides the system into tworegions. On the left-hand side, the media is protected by a CA system,whereas on the right-hand side, the media is under the protection of adifferent DRM system. In a typical application, the bridge is a DRMserver relative to the DRM client and is a CA client relative to the CAserver.

FIG. 6 illustrates an exemplary context where the invention is used intwo DRM/CA systems. The media, protected by the CA system, crosses thebridge to be stored in the DRM system and protected by the DRM system.

FIGS. 7A-7C illustrate various exemplary communication paths for theSecondary DRM Client to contact the original DRM system for upgradingthe media rights or license.

FIG. 8 illustrates an exemplary context where the invention is used inthree cascade DRM/CA systems. The media, protected by the CA system,crosses a plurality of bridges to be stored in a DRM system.

FIG. 9 illustrates an exemplary process according to certain embodimentsof the present invention as a flow chart. The process shown in the flowchart comprises two operations which may be performed by two distinctentities.

FIG. 10A is a flow chart illustrating an upgrade process according to anembodiment of the present invention. In particular, it shows anoperation crossing the bridge for communication regarding upgrading ofrights or license of digital media content.

FIG. 10B is a flow chart illustrating an upgrade process according to anembodiment of the present invention. In particular, it shows anoperation employing an Upgrade server, and without contacting the bridgeserver.

FIG. 10C is a flow chart illustrating an upgrade process according to anembodiment of the present invention. In particular, it shows anoperation employing an Upgrade server, and an optional bridge servercontact.

FIG. 11 shows an exemplary context where various embodiments of thepresent invention can be practiced.

FIG. 12 illustrates a typical “architecture” of a data processing systemwhich may be used in relation with various embodiments of the presentinvention. For example, the exemplary system shown in the figure mayrepresent a bridge or a DRM server.

FIG. 13A shows an encryption scheme known as transcrambling, whichtransforms the input content scrambled with one key into the contentscrambled a different key. The transformation occurs entirely within ahardware schematically denoted as a rectangular box in the figure.

FIG. 13B shows an encryption scheme known as superscrambling. Thedigital media content is doubly scrambled with two control words fromtwo DRM systems. The doubly scrambled message also includes an encryptedcontrol word.

FIG. 13C shows an encryption scheme known as simulcrypt. The figureshows two entitlement control messages (ECM). The control word, “CW A”,necessary to decrypt the scrambled digital media content can be obtainedfrom either “ECM 1” or “ECM 2”.

FIG. 13D shows a method of bridging, known as a key rotation, which isbased on the assumption that two DRM systems use the same contentscrambling algorithm (common scrambling).

FIG. 14A shows an exemplary process in certain embodiments of thepresent invention. In particular, the figure illustrates an encryptionor scrambling process according to an embodiment. As shown in thefigure, the content is doubly scrambled (or, overscrambled) with twocontrol words, “CW A” and “CW B”.

FIG. 14B shows a schematic representation of a DTCP (DigitalTransmission Content Protection) data packet when used over IP accordingto an embodiment of the present invention. The DTCP packet encodesscrambled digital media content and other pertinent security keys.

FIG. 14C shows a list of encrypted messages and encryption/decryptionkeys in certain embodiments of the present invention. In particular, thecontent has been overscrambled as illustrated in FIG. 13A.

DETAILED DESCRIPTION

The present invention will now be described more fully hereinafter withreference to the accompanying drawings, in which various exemplaryembodiments of the invention are shown. This invention may, however, beembodied in many different forms and should not be construed as limitedto the embodiments set forth herein; rather, these embodiments areprovided so that this disclosure will be thorough and complete, and willfully convey the scope of the invention to those skilled in the art.Likewise, for purposes of explanation, numerous specific details are setforth in the following description in order to provide a thoroughunderstanding of the present invention. It will be evident, however, toone skilled in the art that the present invention may be practicedwithout these specific details. In other instances, well-knownstructures and devices are shown in block diagram form in order to avoidunnecessarily obscuring the present invention.

Reference throughout this specification to “one embodiment” or “anembodiment” means that a particular feature, structure, orcharacteristic described in connection with the embodiment is includedin at least one embodiment of the invention. Thus, the appearances ofthe phrases “in one embodiment” or “in an embodiment” in various placesthroughout this specification are not necessarily all referring to thesame embodiment. Furthermore, the particular features, structures, orcharacteristics may be combined in any suitable manner in one or moreembodiment.

The present invention provides systems, methods, and apparatuses forconditional access and protection of digital media content. Embodimentsof the present invention provide methods for managing digital rightsunder the protection of one or more conditional access (CA) and/ordigital rights management (DRM) systems. According to some embodiments,systems and methods are provided for bridging multiple DRM systems inthe digital media distribution and storage systems, providingcommunication between the multiple DRM systems so that a media contentencrypted by an original DRM system can be assessed by a secondary DRMsystem. The media content is usually protected by encryption algorithmsfrom the original DRM system, with the encryption reflecting certainrights or license of the media imposed by the original DRM system. Thecommunication between DRM systems provides a secondary DRM system withaccess so that by passing a bridge or boundary between the two DRMsystems, the original rights or license to the media content can then beconverted into new rights and license of the secondary DRM system basedon the terms and conditions applicable at the time of the bridgetranslation. However, there is often a need for the DRM bridge to beable to further update the secondary DRM system content license overtime if the terms and conditions have changed. One example will be a CAsystem authorizing the playback of recorded media content under theprotection of a secondary DRM system, only as long as the original CAsubscription is maintained. In this case the original license issued bythe DRM bridge may not allow any playback rights. The process consistsof a request to the DRM bridge for an updated license authorizingplayback by the secondary DRM system. Another example will be a CAsystem that would like to up-sell the right to perform certainoperations on a piece of content (i.e. up-sell the right to burn thecontent to a recordable DVD) once the content has been viewed. Thecontrol across a bridge allows the original DRM system to seamlesslydistribute media contents to a secondary DRM system without exposing thecontent to unauthorized uses. The control across a bridge further allowsa client of a secondary DRM system to seamlessly access, e.g. upgraderights or license, a media content provided by an original DRM system.In certain embodiments, the media content across a bridge is protectedby both DRM systems, where the original DRM system provides old rightsand license to the media content, and the secondary DRM system providesupgradeable access to the rights and license.

With reference now to FIGS. 5-14C, various embodiments of the presentinvention are described in detail. FIGS. 5A-5D illustrate exemplarycontexts in which some of the embodiments of the present invention canbe practiced. In FIG. 5A, a schematic representation of two exemplarydigital rights management (DRM) systems, 522 and 534, are depicted. EachDRM system is symbolically represented by its encryption and decryptionkeys. More specifically, the DRM system 522 comprises encryption keys524 and 528 and their corresponding decryption keys 526 and 530,respectively, and the DRM system 534 comprises encryption keys 536 and540 and their corresponding decryption keys 538 and 542, respectively.In the case of cable TV broadcasting, the first pair of encryption anddecryption keys (e.g., 524 and 526) represents service keys (SK), andthe second pair (e.g., 528 and 530) represents control words (CW).Control words are used to scramble and/or descramble digital mediacontent. In some embodiments, symmetric key cryptography may be used forcertain tasks or functions. In such a case, one or more pairs ofencryption and decryption keys may be identical or otherwise equivalent(in computational sense) to each other. For example, if symmetric keycryptography is used in DRM system 522 for scrambling digital mediacontent, then the keys 528 and 530 are essentially identical. In somecases, encryption key 528 may be derived from decryption key 530, butnot vice versa. In some embodiments, content encryption (e.g.,scrambling media content with control words) is done using symmetric keycryptography and key encryption (e.g., encrypting control words withservice keys) is done using asymmetric key cryptography. In general,encryption/decryption schemes based on symmetric key cryptography arecomputationally less expensive than those using asymmetric keycryptography.

FIG. 5A also shows digital media content 532 which may be under theprotection of the first DRM system 522 or the second DRM system 534, orboth. These two DRM systems may be employed for protection of thedigital media either at the same time or alternately at different timesor at different stages of delivery and processing. For example, thedigital media owners such as movie studios and media distributionservices such as cable network companies might utilize different andseparate DRM systems (e.g., 522 and 534) for the same digital media, orfor different parts of the same media. This has been illustrated, forexample, with respect to FIGS. 4A, and 4B. In the example shown in FIG.5A, the digital media 532 delivered, for example, from a conditionalaccess server (not shown in the figure) may first be protected by thefirst DRM system 522, which may be managed by the CA server, forexample, associated with a cable company. In order to play the deliveredcontent or to obtain additional rights not already received, the usermay need to get proper access permission from both the CA system 522 andthe DRM system 534. Suppose now that the digital media content has beenplayed and stored for later viewing. The stored content may then beplaced under the protection of the second DRM system 534, which may bemanaged, for example, by a movie studio who has the copyright on part orall of the stored digital media or by a certain content managementdevice or software. In certain embodiments, the stored content may stillbe protected by the first DRM system 522 together with the second system534. In certain embodiments, at some point during the media delivery,processing, playing, and storage processes, the protection by the firstDRM system 522 may be removed and the stored digital media 532 may beprotected only by the second DRM system 534. In this type ofapplication, the first DRM system 522 will be considered more “global”(e.g., closer to the distributor of the digital media) whereas thesecond DRM system 534 will be considered more “local” (e.g., closer tothe consumer of the digital media).

This is further illustrated in FIGS. 5B-5D with regards to differentexamples. The drawings illustrate exemplary contexts where two DRM/CAsystems are used to protect digital rights associated with digital mediaas in the example of FIG. 5A. The bridge shown in the middle of eachfigure divides the system into two regions. On the left-hand side, themedia is protected by a CA/DRM system, whereas on the right-hand side,the media is under the protection of a different DRM system. A bridgewill typically include a CA client (or DRM client for a first DRMsystem) and a DRM server (for a second DRM system); the CA client is aclient relative to the CA server, and the DRM server is a serverrelative to the second DRM client. The first DRM system (i.e., theleft-hand side CA server in the figures) and the second DRM system maybe associated with control words 528/530 and 540/542 of FIG. 5A,respectively. It should be noted that more than one (pair of) controlword (and/or more than one service key) might be associated with eachDRM system even though it is not explicitly indicated in these figures.As stated earlier, in some systems such as those used in the cable TVbroadcasting, the typical lifetime of a control word is of the order of0.1 second or 1 second. Referring back to FIGS. 5B-5D, a DRM bridge 556is shown in the middle of each figure. On the left hand side of thebridge, the digital media is delivered from a CA server, 552. On theright hand side, it is consumed by a client (e.g., associated with a DRMclient, 560). FIG. 5B depicts a scenario where the digital media contentis delivered by CA server 552 a and is further protected by the same CAserver. The media is stored on a storage 554 a, such as a set-top box ora computer or a media entertainment system or other data processingsystem, on the left hand side of the bridge. In this particularscenario, the second, or “local”, DRM system (e.g., indicated by DRMclient 560 a in the figure) relies on the CA server 552 a to enforce thedigital rights including those related to storage and those related toother content operations downstream from the DRM bridge. A DRM clientmay need to contact the CA server to access the media if the initialrights and license exceed those provided during the bridge operation. InFIG. 5C, on the other hand, the media content delivered from a CA server552 b is stored on a storage, such as a personal computer, on theright-hand side of the bridge 556. It should be noted that the bridgetypically includes a DRM server and a CA client. In these examples, thebridge 556 plays the role of “local” DRM server protecting digital mediaon the right hand side (e.g., consumer side). In this scenario, thelocal DRM system (e.g., the bridge 556) enforces the digital rightsprotection for the media content stored in the storage 558 b. However,for the CA server to retain control of the media, it is encrypted withcertain rights and license from the CA rules, which can be upgraded withrequest from the DRM client. FIG. 5D illustrates yet another example, inwhich the digital media content is stored in more than one device. Forexample, storage 554 c may be a personal computer or a DVR (digitalvideo recorder), and storage 558 c may be a mobile device. Then thebridge 556 may be a part of “sync” agent enforcing digital rightsprotection. In this example, the media content is first delivered by aCA server 552 c, stored in 554 c, and further protected by the same CAsystem (or by a different DRM system). When a user “copies” the mediacontent to a different device/storage 558 c under the protection of adifferent DRM system on the “local” side, the bridge 556 is involved.Then, the media can be played or otherwise consumed, in compliance withthe proper rights, “locally” without the need to access the original DRMor CA server (e.g., 552 c). The proper rights can be upgraded withrequest from the DRM client to the proper DRM server system.

When the digital media is passed from one DRM system to another DRMsystem, the media (and its associated keys) may be descrambled/decryptedusing the keys from one DRM system (e.g., 552) and rescrambled/encryptedusing the keys from the next DRM system (e.g., 556 and 560). In theexamples illustrated in FIGS. 5B-5D, the media under the protection ofthe first DRM system and/or a CA server is descrambled and scrambledagain for the next DRM system, for example, in the bridge 556.

Whenever the media crosses boundaries of different DRM systems, oldrights or license are translated into equivalents rights and license forthe local DRM based on the terms and conditions that are in force at thetime of the transaction. Thus the present invention provides means andmethodology for the local DRM client to contact the original DRM toupgrade later on the rights or license of the media. In the following,with reference to FIGS. 6-14, various exemplary embodiments of thepresent invention are presented, some of which address this upgradeissues at or around the bridge points. The following examples will beexplained in the context of two DRM systems. As will be evident,however, to those skilled in the art, embodiments of the presentinvention may be practiced with more than two systems for digital rightsprotection.

Referring now to the following figures, various aspects of certainembodiments of the present invention are illustrated. FIG. 6 illustratesan exemplary embodiment of the present invention covering two DRMsystems 10 and 18. The drawing illustrates an original DRM system 10,comprising a CA server 11 and a CA client 12, providing a media content,through a bridge 14, to a secondary DRM system 18, comprising a DRMserver 13, a storage 15, a DRM client 16, and a display 17 for the DRMclient. A bridge 14 exists between the two DRM systems, and the bridge14 includes a CA client 12 and a DRM server 13. In this embodiment, amedia content is delivered from the CA server 11, across the bridge 14to be stored on the storage 15, under the control of the local DRMsystem. The bridge could be a super scrambling bridge, a transcramblingbridge, a common scrambling bridge, a simulcrypt bridge, or anoverscrambling bridge. Once stored the media content is under theprotection of the local DRM system and as such no more subjected to thecontrol of the CA server 11. The invention, in a embodiment, defines amethod for the content to be repurposed by the CA system once it hasbeen bridged to the local DRM. For example, the CA media content mayinclude various CA rules, such as a viewer can record the content, butthe viewer must be verified to have a current subscription when tryingto play back from a recorded content. Another CA rule can be that aviewer can record once and watch without paying but can only make a copyif paying a predetermined amount (e.g. $3.99) for each extra copy. OtherCA rule can be that a viewer can record once but can only play backafter paying a predetermined amount to watch the content. Other CA rulecan be that a viewer can record once and can play for e.g. 30 days andcan extend the viewing time (e.g. unlimited use beyond 30 days) ifpaying a predetermined amount (e.g. $3.99). Still another CA rule can bethat the viewer can record once, and can play in a certain location,e.g. the living room, but can play only in other locations, e.g. thebedroom, after paying a predetermined amount (e.g. $3.99).

The present invention in certain embodiments, addresses the issue of howthe DRM system will be authorized by the CA system to update the rightsand the license of an already delivered piece of media content.Specifically, the bridge will need to include additional data (e.g.License Renewal Data) into the original DRM license, so that uponlicense update request, the data can be used to reconcile thetransaction with the CA server and update the license applicable to thealready delivered piece of media content. Upgrading rights and licensealso may mean providing new rights and license for media content withoutany previous rights or license.

The present invention discloses methods, in certain embodiments, to beable to modify or upgrade the original secondary DRM License long afterit has been issued but still under the rules of the original CA serveror DRM system. The CA media content is typically stored on the DRMclient, together with the original secondary DRM License. Both contentand license are related by the use of a common index. The index can be apointer or a number attached to the content and license (e.g. subscriberID and event ID), and thus can effectively identify the content andlicense of the media. The index can be used to find the DRM license todecrypt the content.

When the secondary DRM server, in the bridge, creates the originalsecondary DRM license, it also adds the License Renewal Data. In someembodiments, the License Renewal Data is part of the original secondaryDRM License, in some other embodiments the data consists of anindependent object that is cryptographically related with the originalsecondary DRM license and the encrypted content. The License RenewalData is then stored, at the DRM client, along with the originalsecondary DRM license and the scrambled content. The License RenewalData can include a subscriber ID, an event ID, and a service key. Thesecondary DRM client can pass the encrypted License Renewal Data back tothe CA server through the secondary DRM upgrade server in order to getthe new rights. The DRM client can also pass the encrypted LicenseRenewal Data back to the CA server through the DRM server in the bridge.

In the bridging scheme of media transfer at least certain embodimentsof, the present invention also provide solutions to consolidate billingstatements when the updated rights require a new transaction, and torecover content even in the case when the secondary DRM client hascrashed and may have lost some of its licenses.

FIG. 7A shows an embodiment of the present invention where a mediacontent from a CA server 11 passes through a bridge 14 to be stored in astorage 15, controlled by a DRM client 16. The exemplary methodcomprises the secondary DRM system to contact the CA system to get newrights or license for the already recorded media content. FIG. 7A showsan embodiment of the communication paths for the secondary DRM client toupgrade the rights or license of the media content, which includes acommunication path 21 between the secondary DRM client 16 and the DRMserver 13 within the bridge 14; a communication path 22 across thebridge 14, between the DRM server 13 and the CA client 12; acommunication path 23 between the CA client 12 and the CA server 11; andan alternative communication path 23′ between the CA client 12 and CAbilling server 20. The CA billing server 20 can be a CA upgrade server,acting for upgrading rights or licenses for the CA system. In anembodiment, to upgrade the rights or license of the media, the DRMclient 16 contacts either the CA server 11, or a CA billing server 20 toreceive an upgrade response. The CA server 11 is the server sending themedia, and the CA billing server is another CA server, responsible forcollecting royalty or payments from the CA Server transactions. Theconnection between the CA Server and the CA Billing Server is not shown.A typical connection path for the request includes a request from theDRM client 16 sending to the DRM server through the communication path21; then the DRM server passing the request through the reconstructionof the bridge 14 to the CA client 12 (path 22); and then the CA client12 passing the request to either the CA server 11 through thecommunication path 23 or the CA billing server 20 through thecommunication path 23′. The DRM client then receives a response forupgrading the media content through a reverse path. In some embodiment,the CA client may have preemptively received authorization from the CAserver to update the secondary DRM license, and as such thecommunication paths 23 and 23′ are not used.

FIG. 7B shows another embodiment of the present invention. An exemplarymethod comprises the DRM system contacting a DRM upgrade server 19,which then contacts a CA billing server 20 or a CA server 11 to get newrights or license to the media content. FIG. 7B shows an embodiment ofthe various communication paths for the DRM client to upgrade the rightsor license of the media content, which includes a communication path 25between the DRM client 16 and the DRM upgrade server 19, and acommunication path 26 between the DRM upgrade server 19 and the CAbilling server 20. Alternatively, the communication path 26 can bereplaced with a communication path 26′ between the DRM upgrade server 19and the CA server 11. In an embodiment, a DRM upgrade server 19 isprovided to upgrade the rights or license of the media according to therequest from the DRM client 16. The DRM client 16 then can contacteither the CA server 11, or a CA billing server 20 through a DRM upgradeserver 19 to request upgrading the media content. A typical connectionpath for the request includes a request from the DRM client 16 sendingto the DRM upgrade server 19 through the communication path 25; then theDRM upgrade server 19 passing the request to either the CA server 11through the communication path 26′ or the CA billing server 20 throughthe communication path 26. The DRM client then receives a response forupgrading the media content through a reverse path, such as path 26 topath 25 or path 26′ to path 25. The reverse path does not have to be thesame as the forward. For example, the response can be sent through adifferent return path such as the return path shown in FIG. 7A. Thedifferent return path can be the path 23* or 23** from the CA server 11or the CA billing server 20, respectively, to the CA client 12; thenpath 22* through the bridge 14, from the CA client 12 to the secondaryDRM server 13; and finally path 21 * from the secondary DRM server 13 tothe secondary DRM client 16. This embodiment simplifies the upgradecommunication, employing a DRM upgrade server and/or a CA billingserver. In at least certain embodiments, the DRM upgrade server 19contacts either the CA billing server 20 or the CA server 11 for theupgrade, and this may cause the CA billing server 20 and the CA server11 to communicate between each other to, for example, synchronize theirinformation with respect to the upgrade of the media (e.g., the type ofupgrade, the account and media upgraded, etc.). In some embodiments, theDRM upgrade may have preemptively received authorization from the CAServer or the CA Billing Server to update the DRM license, and as suchthe communication paths 26, 26′ or the return path 21 *, 22*, 23* or23** are not used.

FIG. 7C shows another embodiment of the present invention. The exemplarymethod provides an alternative communication path for the DRM client 16to contact the DRM upgrade server 19. The alternative communicationpaths comprises a path 21 for the DRM client 16 with the DRM server 13,and a path 27′ for the DRM server 13 to the DRM upgrade server 19. Thecommunication from the DRM upgrade server with the CA system can passthrough the path 26 or 26′ as discussed in FIG. 7B above. Further, thereturn path can be a reverse path, i.e. tracing back the forwardcommunication path. The return path can be a different path, such as thepath 23*/23**, 22*, and 21* as discussed in FIG. 7B above.

FIG. 8 shows another embodiment of the present invention for multipleDRM systems. The exemplary multiple DRM systems comprise an original CAsystem 10, passing through a bridge 14 to a secondary DRM system 18,then through a bridge 41 to a tertiary DRM system 48. The media contentgenerated from the original CA server 11 can pass through the bridge 14to be stored in the storage 15, or can further travel across the bridge41 to be stored in the storage 42. DRM client 16 or DRM client 43 cancontact the original CA system to request this media content. Ingeneral, a license update is needed to authorize a bridge transaction,thus the media content stored in storage 15 from the DRM client 16 wouldneed permission or license from the original CA system 10 to be able tocross the bridge 41 to reach the DRM client 34. In one embodiment, DRMclient 16 may need to modify the original secondary DRM license toauthorize the bridge operation to the third DRM system.

Various exemplary methods according to embodiments of the presentinvention are now shown in FIGS. 9-10 as flow diagrams. FIG. 9illustrates an overall process according to embodiments of the presentinvention. The flow chart shows three operations performed, possibly, bytwo separate DRM entities, an original DRM server and a secondary DRMserver/client. According to the process shown in the flow chart, anoriginal DRM server sends a media content with original rights and/orlicense to a secondary DRM client across a bridge of the originalDRM/secondary DRM, at 30. The media content, together with the originalrights and license is translated across the bridge, at 31, in a mannerto allow the secondary DRM server to upgrade the original license orissue new rights, preferably with the permission from the original DRMsystem. The translated rights or license can include information toidentify owner and types of media to allow the original DRM to log andauthorize an upgrade request. Further information such as LicenseRenewal Data can be added to the acquired content to aid the upgradingprocess, for example, to reconcile with the original transaction, tohelp the original DRM to find the original license. The additional datacan be secured by the original or the secondary DRM system. The LicenseRenewal Data may be included in the license or cryptographically linkedto it. The License Renewal Data may include subscriber identificationdata, event identification data, time stamp, device identification data,renewal traceability data, restore data. The License Renewal Data canalso include encrypted content key.

The upgrading service that the secondary DRM server can perform mayinclude extending the lifetime of the license, enabling new rights suchas additional copies, enabling new exports such as additional bridging,enabling move operations or restoration of all licenses for anothermachine. The operation of the secondary upgrade server can be silent orrequire a user dialog. In an exemplary silent operation, the upgradeserver can retrieve stored information such as payment type, and performthe upgrade without a client dialog. In an exemplary dialog operation,the upgrade server prompts a dialog with the client, and receives neededinformation to perform the request.

The secondary DRM client then requests new rights or license, at 32, forexample, as shown in FIGS. 7A-7C. The request is then sent to theoriginal DRM server, and after processing, the original DRM transmits aresponse. The response is processed to enable the secondary DRM toupgrade the media content according to the request. In some embodiments,the request comprises the reference to the media, the old rights orlicense, and the newly requested rights or license. In certain cases,the request comprises License Renewal Data, included or linked to theoriginal License. In some embodiments, the transmitted responsecomprises the new rights or license to the media content.

In some aspects, the original license is extracted and sent back to theoriginal DRM system before being modified. The secondary DRM server,upon receiving authorization from the original DRM system, can extractthe service or content key, and then generate a new license for thesecondary DRM client using the same content key but with new rights.

With reference to FIG. 10A, the flow chart illustrates an exemplaryprocess for upgrading digital media content according to an embodimentof the present invention. As before, this exemplary method is describedin the context of protecting digital media using two digital rightsmanagement (DRM) systems, denoted as “Original” and “Secondary” in theflow chart. The exemplary process shown in the figure starts, at 50, bysending a request for new rights or license to a media content by theSecondary DRM Client. The request may include the original secondary DRMLicense with the License Renewal data that have been prepared by thebridge at the time of the license creation. The Secondary DRM serverreceives the request and transmits it, at 51, across the bridge to theOriginal DRM Client. The bridge can be reconstructed for the message tobe sent through. In an embodiment, the Original DRM Client receives therequest and transmits it to the Original DRM Server, in 52A, which thenprocesses the request and transmits a response to the Original DRMClient, in 53A. The response may comprise the new rights or license, andan updated set of License Renewal data. In an alternative embodiment,the Original DRM Client transmits the request to the Original DRMBilling Server, in 52B, which then processes the request and transmits aresponse to the Original DRM Client, in 53B. The Original DRM Server istypically the server that sends the media content across the bridge tothe Secondary DRM Client. The Original DRM Billing Server is a serverfor the Original DRM system which is not the server that sends the mediacontent, but is special server designed to process billing requirements.The Original DRM Client then transmits the response across the bridge tothe Secondary DRM Server, in 54, which then transmits the response tothe Secondary DRM Client, in 55. Thus in response to the request, in 50,the Secondary DRM Client receives a response, corresponding to therequest for new rights or license to the media content, in 56. In thisexemplary process, the original DRM server or the original DRM billingserver acts as the upgrade server, authenticating the request andtransmitting the authorization (upgraded license or new rights) to thesecondary DRM client.

With reference to FIG. 10B, the flow chart illustrates another exemplaryprocess for upgrading digital media content according to an embodimentof the present invention. The exemplary process shown in the figurestarts, at 60, by sending a request for new rights or license to a mediacontent by a Secondary DRM Client to a Secondary DRM Upgrade server. TheUpgrade server is a separate server for the secondary DRM system, and isdesigned to handle upgrade request. By going through the upgrade server,the request does not have to route though the bridge. The Secondary DRMUpgrade server can transmits the request to the Original DRM Billingserver, in 61A, or the Original DRM server, in 61B, and which thenreplies with a response to the Upgrade server, in 62C or 62D,respectively. The Upgrade server then transmits the response to theSecondary client, in 63B. Thus in response to the request, in 60, theSecondary DRM Client receives a response, corresponding to the requestfor new rights or license to the media content, in 65.

Alternatively, instead of tracing back the response with the path of therequest, the Original DRM Billing Server or the Original DRM Server,from 61A or 61B, can reply to the Original DRM Client in the Bridge, in62A or 62B, respectively. The Original DRM Client in Bridge then cantransmit the response across the bridge to the Secondary DRM Server, in63A, which then transmits the response to the Secondary DRM Client, in64. Thus in response to the request, in 60, the Secondary DRM Clientreceives a response, corresponding to the request for new rights orlicense to the media content, in 65.

With reference to FIG. 10C, the flow chart illustrates another exemplaryprocess for upgrading digital media content according to an embodimentof the present invention. The exemplary process shown in the figurestarts, at 70, by sending a request for new rights or license to a mediacontent by a Secondary DRM Client to the Secondary DRM server. TheSecondary DRM server receives the request and transmits it to theSecondary DRM Upgrade server, in 71. The Secondary DRM Upgrade servercan transmits the request to the Original DRM Billing server, in 72A, orthe Original DRM server, in 72B, and which then replies with a responseto the Upgrade server, in 73C or 73D, respectively. The Upgrade serverthen transmits the response to the Secondary DRM Server, in 74B. TheSecondary DRM Server then transmits the response, in 75, to theSecondary DRM client. Thus in response to the request, in 70, theSecondary DRM Client receives a response, corresponding to the requestfor new rights or license to the media content, in 76.

Alternatively, instead of tracing back the response with the path of therequest, the Original DRM Billing Server or the Original DRM Server,from 72A or 72B, can reply to the Original DRM Client in the Bridge, in73A or 73B, respectively. The Original DRM Client in Bridge then cantransmit the response across the bridge to the Secondary DRM Server, in74A, which then transmits the response to the Secondary DRM Client, in75. Thus in response to the request, in 70, the Secondary DRM Clientreceives a response, corresponding to the request for new rights orlicense to the media content, in 76.

With reference now to figures, FIG. 11 illustrates an exemplary contextwhere certain embodiments of the present invention can be practiced.More specifically, the drawing illustrates a networked system with twosecurity system sources, 444 and 450, with their own conditional accessservers, 446 and 448, respectively, and two DRM systems, 492 and 494.The figure also includes various clients, 454, 458, 462, 472, 484, and488. In one embodiment of the present invention, these variouscomponents are connected to a network 442, such as a local area network(LAN) or a wireless LAN. The network 442 may be partially a wiredEthernet in a home of a service subscriber with one or more wirelessaccess points for mobile devices such as a personal digital assistant(PDA), a palm computer, a notebook computer, or a cellular phone (e.g.,connected to the network through a WiFi or Bluetooth connection). Forexample, in FIG. 11, the PDA 482 connects to the access point 480through the wireless connection and further to other components throughthe network 442. The network may also be a network for an organizationor a commercial establishment (e.g., a hotel or a motel chain), such asan intranet or a virtual private network.

In FIG. 11, a digital rights management (DRM) server 494 is used withthe cable TV service. The cable conditional access (CA) server 448couples with the cable headend 450 to provide the CA protected mediacontent through the cable television transmission system to the cable TVbridges (e.g., 454 and 456) which may include cable TV tuners. The cableTV set-top boxes (STB) receive the data packages and de-multiplex theentitlement management messages (EMM) and entitlement control messages(ECM) and the scrambled media content. Under the control and protectionof the DRM server 494, the media content can be secured on a storage(e.g., 456, 458, 484) for access by various devices which can play backthe media content, such as the personal computer 484, the media player488, or the PDA 482. The personal computer 484 typically displays thevideo content on the display device 486, such as a cathode ray tube(CRT) monitor, a liquid crystal display (LCD) panel, or a plasma displaypanel. The media player 488 may present the media content on atelevision set 490. A media player may also be integrated with atelevision set to form a network-ready digital television set.

In one embodiment, the DRM server 494 provides services todescramble/decrypt the cable TV broadcast. The decrypted/descrambledinformation is further protected by the DRM system so that the mediacontent from the broadcast of the cable TV system can be used in anauthorized way. When authorized, the content can be recorded and playedback at any time on any device convenient to the user in accordance withthe rights of the subscriber. For example, with a subscription to onlyone simultaneous use, a user may choose to use cable TV set-top box 454to receive the broadcast and view the program on the TV 452, or usecable TV set-top box 456 to record the program on the associated storagefor playing back at a different time, for example, using PDA 482,personal computer 484, or media player 488. In some embodiments, themedia content and/or associated keys are protected by encrypting thedata with encryption keys associated with the DRM system 494.

In FIG. 11, another DRM system 492 is used in association with both thesatellite TV set-top box C 462 and the satellite TV set-top box D 472.The DRM server 492 may store the protected media content on its storageor on other storage devices on the network, such as the storage on thepersonal computer 484 or the storage 458. Typically, a satellite 444broadcasts the protected media content to a geographical area. Separatesatellite dishes (e.g., 460 and 470) are used for different satelliteset-top boxes (e.g., 462 and 472, respectively). Typically, to accesstwo different channels simultaneously, two set-top boxes are used.Satellite set-top boxes are independent from each other. The satellitebroadcasts to the two set-top boxes as if the set-top boxes were for twodifferent subscribers. In certain embodiments of the present invention,one DRM server (e.g., 492) is used to manage digital rights associatedwith multiple set-top boxes (e.g., 462 and 472).

In an embodiment, one or more DRM servers are used to protect digitalmedia which have been originally delivered by one or more servers, suchas CA servers, which makes desirable to have bridges between the DRMsystems to simplify content management, while enforcing digital rightsmanagement within both DRM systems. In one embodiment of the presentinvention, multiple DRM servers are physically in one data processingdevice with different software and smart cards for the processing of themessages of different CA systems. Further, a DRM server may beintegrated with a bridge, a storage device (e.g., PDA 482, personalcomputer 484, media player 488), or combination of them. For example,the DRM system 492, which may be used in conjunction with a satellite TVCA server 446, may include a storage for recording media content, ainterface between a satellite dish and a renderer for decoding the mediacontent into standard video signals (for a television set and/or for acomputer monitor).

FIG. 12 illustrates a typical “architecture” of a data processingsystem, which may be used with various embodiments of the presentinvention. For example, the system shown in the figure may represent anexemplary bridge implementation according to an embodiment. Or, it mayrepresent an exemplary DRM server. As will be appreciated by one ofskill in the art, the present invention may be embodied as a method,data processing system or program product. Accordingly, the presentinvention may take the form of an entirely hardware embodiment, anentirely software embodiment or an embodiment combining software andhardware aspects. Furthermore, the present invention may take the formof a computer program product on a computer-readable storage mediumhaving computer-readable program code means embodied in the medium. Anysuitable storage medium may be utilized including hard disks, CD-ROMs,DVD-ROMs, optical storage devices, or magnetic storage devices. Thus thescope of the invention should be determined by the appended claims andtheir legal equivalents, and not by the examples given. Note that whileFIG. 12 illustrates various components of a data processing system, itis not intended to represent any particular architecture or manner ofinterconnecting the components as such details are not germane to thepresent invention. It will also be appreciated that network computersand other data processing systems (such as cellular telephones, personaldigital assistants, media players, etc.) which have fewer components orperhaps more components may also be used with the present invention.

As shown in FIG. 12, the computer system, which is a form of a dataprocessing system, includes a bus 502 which is coupled to amicroprocessor(s) 504 and a memory 506 such as a ROM (read only memory)and a volatile RAM and a non-volatile storage device(s) 508. The storagedevice may be used to store digital media content in certainembodiments. The system bus 502 interconnects these various componentstogether and also interconnects these components 504, 506, and 508 to adisplay controller(s) 510 and display devices 512 and to peripheraldevices such as input/output (I/O) devices 516 and 518 which may bemice, keyboards, modems, network interfaces, printers and other deviceswhich are well known in the art. Typically, the I/O devices 516 and 518are coupled to the system through one or more I/O controllers 514. Thevolatile RAM (random access memory) 506 is typically implemented asdynamic RAM (DRAM) which requires power continually in order to refreshor maintain the data in the memory. The mass storage 508 is typically amagnetic hard drive or a magnetic optical drive or an optical drive or aDVD ROM or other types of memory system which maintain data (e.g. largeamounts of data) even after power is removed from the system. Typically,the mass storage 508 will also be a random access memory although thisis not required. While FIG. 12 shows that the mass storage 508 is alocal device coupled directly to the rest of the components in the dataprocessing system, it will be appreciated that the present invention mayutilize a non-volatile memory which is remote from the system, such as anetwork storage device which is coupled to the data processing systemthrough a network interface 518 such as a modem or Ethernet interface.The bus 502 may include one or more buses connected to each otherthrough various bridges, controllers and/or adapters as is well known inthe art. In one embodiment, the I/O controller 514 includes a USB(universal serial bus) adapter for controlling USB peripherals and anIEEE 1394 (i.e., “firewire”) controller for IEEE 1394 compliantperipherals. The display controllers 510 may include additionalprocessors such as GPUs (graphical processing units) and they maycontrol one or more display devices 512. The display controller 510 mayhave its own on-board memory.

It will be apparent from this description that aspects of the presentinvention may be embodied, at least in part, in software. That is, thetechniques may be carried out in a computer system or other dataprocessing system in response to its processor, such as amicroprocessor, executing sequences of instructions contained in amemory, such as ROM or RAM 506, mass storage, 508 or a remote storagedevice. In various embodiments, hardwired circuitry may be used incombination with software instructions to implement the presentinvention. Thus, the techniques are not limited to any specificcombination of hardware circuitry and software or to any particularsource for the instructions executed by the data processing system. Inaddition, throughout this disclosure, various functions and operationsmay be described as being performed by or caused by software codes tosimplify the description. However, those skilled in the art willrecognize what is meant by such expressions is that the functions resultfrom execution of the code by a processor, such as the CPU unit 504.

There are various bridging schemes between the DRM systems according tothe present invention. FIG. 13A shows a bridge known as transcrambling.Transcrambling is a hardware-based method for changing digital mediaprotection between two different DRM systems. The transformation occursentirely within a generally secure hardware device (e.g., in a singleintegrated circuit chip), which is schematically denoted as arectangular box 302 in the figure. The digital media content 308 isinitially scrambled with a control word 310 (“CW A”), which is alsoencrypted with a service key (“SK A”). Both the content and the controlword are under the protection of the first DRM system (not explicitlyshown in the figure). Once the content 308 is input into thetranscrambler chip 302, it is first descrambled, at 304, using the(decrypted) control words 310, and it is rescrambled, at 306, using the(decrypted) control word 314 (“CW B”) of the second DRM system (notexplicitly shown). Note that the control word 314 is under theprotection of the second DRM system, as indicated in the figure by thefact that it is encrypted with a service key (“SK B”) from the secondDRM system. The rescrambled content 312 is then transmitted out of thetransformation unit 302 for further processing or storage. Since the DRMbridging occurs within a single chip, this method is consideredrelatively secure. In some designs, the chip is made “opaque”, and it isprotected against reverse engineering using various means. However, thisscheme is rather expensive since it requires manufacturing of integratedchips with specific dedicated functions. It also lacks flexibility sincethe hardware design is not easy to change.

FIG. 13B shows a bridge known as superscrambling. Superscrambling refersto a technique of recursively, or repeatedly, scrambling digital mediacontent with control words of multiple DRM systems. The figureillustrates an exemplary superscrambling process with two control words,each of which is from a different DRM and/or CA system. Morespecifically, the figure illustrates a process of superscrambling amedia content 332 with two control words, 334 and 346. Control word 334and service key 338 (e.g., “local” keys) are associated with one DRMsystem (e.g., an “inner” or “local” system), whereas control word 346and service key 350 (e.g., “global” keys) are associated with anotherDRM system (e.g., an “outer” or “global” system). The digital mediacontent 332 is first encrypted, or scrambled, with the first controlword 334, at 336, and a scrambled content 342 is produced. Likewise,control word 334 is encrypted with service key 338, at 340, and an ECM344 is created. This pair of encrypted data is then encrypted again withthe second control word 346, at 348. This generates a doubly scrambled(or, “superscrambled”) content 354, which is schematically shown in thefigure to include the first scrambled media content 342 and the firstECM 344. The second control word 346 is also encrypted with the secondservice key 350, at 352, and a new ECM 356 is created. Then, this pairof encrypted data, 354 and 356, is delivered to clients, for example,through a distribution path similar to the one shown in FIG. 4B. Sincethe digital media content is doubly scrambled in this example, thecontent is never exposed in clear form during the transmission (e.g.,while passing between the first and the second DRM systems). Inparticular, when the outer encryption layer (e.g., represented by thecontrol word 346 in the scrambled content 354 of FIG. 13B) is removed,the content is still protected by the first DRM system, indicated by thefact that the content 342 is encrypted with the control word 334. Itshould, however, be noted that this prior art approach requires both DRMsystems present both at the source (e.g., a server) and at the sink(e.g., a client device). This approach may not be feasible in manypractical applications, especially when “global” keys may not beavailable on the second (e.g., “inner”) DRM system.

Another bridge called simulcrypt is illustrated next with respect toFIG. 13C. Simulcrypt is a method for encrypting data in multiple ways,e.g., using multiple keys, so that it can be decrypted with any of thecorresponding decryption keys. In the example shown in the figure, whichis described in the context of cable television content delivery, thedigital media content 396 is scrambled with a control word 390, which isencrypted in two alternative methods. That is, the control word 390 isencrypted with two different service keys, as shown in the figure as twodifferent ECMs, 382 and 384. Therefore, the decryption key 390 can beobtained from either ECM 382 or ECM 384, and a client who has access toeither of the ECMs, 382 or 384, can recover the control word 390, eitherby decrypting, at 386, the ECM 382 or by decrypting, at 388, the ECM384. As illustrated in the figure, once the control word 390 isrecovered, the encrypted content 392 can be descrambled, at 394, toobtain the clear content 396.

FIG. 13D shows how a bridge known as common scrambling can simplify the‘bridging’ process when relevant CA or DRM systems share the samecontent scrambling/encryption algorithm. In the example illustrated inthe figure, two DRM systems (represented by ‘A’ and ‘B’) are employed atthe bridge 422 to manage the digital rights associated with a digitalmedia. Both DRM systems use the same scrambling algorithm, and inparticular the same control word 420. The control word 420 can berecovered from an ECM 416 with proper permission (e.g., service key 414of the first DRM system). At the bridge 422, the content 418 a is notdescrambled with the control word 420 but it is output as it is, i.e.,as the same scrambled content 418 b shown at the right-hand side of thefigure. However, the control word 420 (“CW A”) is decrypted and thenencrypted again using a different service key 415 from the second DRMserver (ECM 424). The content is, therefore, not exposed in clear formin the bridge. It should be noted that this particular prior art methodis only concerned with bridging of the keys but not contents and, asstated earlier, this bridging method can be used only when the two DRMsystems use the same scrambling algorithms as in the case of commonscrambling.

Referring now to FIGS. 14A-14C, various aspects of certain embodimentsof an overscrambling bridge are illustrated. FIG. 14A illustrates anencryption or scrambling process according to an embodiment. Thisexemplary process pertains to encrypting digital media content 582 andtwo control words, 584 and 590, each of which may be associated with adifferent digital rights management (DRM) system. First, digital mediacontent 582 is scrambled, at 586, with a control word 584 (“CW B”)associated with a target (or, “outer” or “local”) DRM system, and ascrambled media content 588 is created, which is illustrated as a“locked” content with a lock labeled “CW B” in the figure. Then, thescrambled content 588 is scrambled again, at 592, with another controlword 590 (“CW A”), which creates doubly scrambled, or “overscrambled”,digital media content 596. It should be noted that, in certainembodiments, the content 582 might represent a segment of a “program”which lasts, for example, 0.1 second, during which the control words 584and 590 are in effect. In certain other embodiments, the content 582 maycorrespond to a whole program such as a movie title. Next, control wordsare in turn encrypted with service keys associated with the DRM systems.In one embodiment, each control word (e.g., 584 and 590) is encryptedwith its corresponding service key (e.g., 598 and 600, respectively). Inthe embodiment shown in FIG. 14A, both control words 584 and 590 areencrypted with the same service key, i.e., service key 600 managed bythe DRM system associated with control word 590 in this example(“global” or “outer” DRM). As illustrated in the figure, control word584 is encrypted, at 602, with service key 600 (“SK A”) and the firstencrypted message (e.g., entitlement control message, or ECM) 606 iscreated. Control word 590 is then encrypted, at 604, again with the sameservice key 600 and the second encrypted message 608 is created. Thisset of encrypted messages, shown in the broken-line box 594 in thedrawing, which comprises the overscrambled content 596 and the encryptedcontrol words 606 and 608, is delivered to a bridge or a client,possibly with other messages which include, for example, entitlement(e.g., service keys 598 and 600) for the particular client(s) and/or forthe delivered digital media. In some embodiments, the entitlementmessages are delivered to the bridge in response to a client's request.In some cases, the encrypted control words are also delivered“on-demand” when an explicit request is made from the client, forexample, at the time of storage or playback of the digital media.

In some embodiments, a bridged DRM server delivers digital media throughIP network using DTCP (Digital Transmission Content Protection) packets.DTCP is a standard for protecting digital rights during the transmissionof digital media. The bridged DRM server creates DTCP packets withpayload including digital media content and various keys, which may beencrypted or scrambled. This is illustrated in FIG. 14B. The figureshows a schematic representation of a DTCP data packet 612. The datapacket encodes scrambled/overscrambled digital media content 618according to an embodiment of the present invention. The packet 612includes a UDP (User Datagram Protocol) header 614 in this example. Thepacket also includes a portion, or a header, 616 which is associatedwith a payload or a body 618 including the scrambled content 620. Thepayload 618a may contain another header 622. As in the example shown inFIG. 14A, the content 620 may have been doubly encrypted and the headers616 and 622 may carry the information regarding the “outer” and “inner”layer scrambling, respectively (e.g., scrambling with the control words590 and 584 of FIG. 14A). In some embodiments, the header 616 comprisesan ECM (e.g., the encrypted control word 608 of FIG. 14A) and/or an EMM.Likewise, the header 622 may contain relevant ECMs and/or EMMs.According to an embodiment of the present invention, each block of thecontent 620 of FIG. 14B is scrambled with a block cipher such as AES(Advanced Encryption Standard) or DES (Data Encryption Standard) or 3DES(Triple DES). Other common encryption algorithms include M2 (multi 2)and M6 (multi 6), and DVB-CSA as mentioned earlier. Multiple blocks, orthe whole content, may be encrypted according to AES and CBC (CipherBlock Chaining) or AES and ECB (Electronic Codebook). FIG. 14B alsoillustrates the scrambled content in further detail, as shown at thebottom of the drawing as 620 a. The content may have been scrambled (notexplicitly indicated in the figure) with another control word (e.g., 584of FIG. 14A), and header 622 may include the associated ECM (e.g., 606of FIG. 14A) in some embodiments, as stated earlier. The content istypically encoded with MPEG-2 formats. FIG. 14B shows multiple MPEGheaders, 624 and 628, and bodies, 626 and 630. In certain embodiments,the inner layer is scrambled with a different encryption scheme, such asAES in conjunction with CTR (a block cipher mode of operation known asCounter) or 3DES+CBC, from that used for the outer layer.

In some embodiments of the present invention, different DRM systems mayutilize different scrambling schemes. For example, the first scrambling586 and the second scrambling 592 of FIG. 14A use different scramblingschemes in certain embodiments. Or, the scrambled content 620(scrambling not explicitly shown) in FIG. 14B are encrypted oroverscrambled by different scrambling schemes in certain embodiments ofthe present invention. In this description, a scrambling scheme refersto various features, as a whole, of an encryption method. For example, ascrambling scheme comprises an encryption algorithm (AES vs. 3DES, etc.)and a mode of operation in block cipher (CBC vs. CTR vs. ECB, etc.). Insome cases, content formatting/encoding (e.g., MPEG transport stream,etc.) is also considered a part of a scrambling scheme. The “inner datapacket” 620 a shown in FIG. 14B, for example, uses a scrambling schemecomprising an MPEG encoding, as symbolically indicated in the figure byMPEG headers 624 and 628 and MPEG bodies 626 and 630.

Turning now to FIG. 14C, a list of pertinent messages is shown accordingto an embodiment of the present invention. The list 636 includes doublyscrambled digital media content 638 encrypted with two control words, an“outer” or “global” control word 640 encrypted with a service key 632,and an “inner” or “local” control word 642 encrypted with the sameservice key 632. This set of encrypted messages and relevant servicekeys 630 are utilized in certain embodiments for bridging differentdigital rights management (DRM) systems (e.g., between a “global” and“local” ones). The list 636 is an outcome of the overscrambling (e.g.,as shown in FIG. 14A), and it can be used as an input to the bridge. Thebridge and/or client typically needs authorization from the relevant DRMservers, for example, as a form of service keys. FIG. 14C shows anotherservice key 634 associated with an “inner” or “local” DRM system.

Thus, systems, methods, and apparatuses for managing digital rights indigital media delivery have been provided. Although the presentinvention has been described with reference to specific exemplaryembodiments, it will be evident that various modifications and changesmay be made to these embodiments without departing from the broaderspirit and scope of the invention as set forth in the claims.Accordingly, the specification and drawings are to be regarded in anillustrative rather than a restrictive sense.

1. A method for repurposing a media originated from an original digitalrights management system and passed through a bridge to be under theprotection of a secondary digital rights management system, the methodcomprising: upgrading the media access from the secondary digital rightsmanagement system with permission from the original digital rightsmanagement system.
 2. A method as in claim 1 wherein the permission fromthe original digital rights management system comprises an approval fromthe original digital rights management system during a communicationbetween the secondary digital rights management system and the originaldigital rights management system.
 3. A method as in claim 1 wherein thepermission from the original digital rights management system ispre-approved.
 4. A method as in claim 1 wherein upgrading accesscomprises at least one of extending the lifetime of the license,enabling new rights, enabling new exports, enabling move operation orrestoration operation to another machine, or any combination thereof. 5.A method as in claim 1 wherein the media comprises an original licensewhich is to be included in a communication between the secondary digitalrights management system and the original digital rights managementsystem to get permission for upgrading media access.
 6. A method for aclient of a secondary digital rights management system to get upgradedaccess to a media originated from an original digital rights managementsystem, the media stored within the access of the client of thesecondary digital rights management system, and the media sent through abridge from the original to the secondary digital rights managementsystems, the method comprising: contacting the secondary digital rightsmanagement system to get an upgraded license or rights; upgrading theaccess to the media of the client of the secondary digital rightsmanagement system, the access upgrading process achieved with permissionfrom the original digital rights management system.
 7. A method as inclaim 6 wherein the contacting process comprises sending a request froma client of the secondary digital rights management system to an upgradeserver of the secondary digital rights management system; communicatingbetween the upgrade server of the secondary digital rights managementsystem and the original digital rights management system to get theupgrade license or rights.
 8. A method as in claim 7 wherein the upgradeserver of the secondary digital rights management system comprises theserver in the bridge, or a separate independent server.
 9. A method asin claim 7 wherein the original digital rights management system for thecommunication comprising the server sending the media, or a separatebilling or upgrade server of the original digital rights managementsystem.
 10. A method as in claim 7 wherein the communication comprisespassing information through the bridge, or to an independent server ofthe secondary digital rights management system before reaching theoriginal digital rights management system.
 11. A method as in claim 7wherein the permission from the original digital rights managementsystem comprises an approval from the original digital rights managementsystem during a communication between the secondary digital rightsmanagement system and the original digital rights management system. 12.A method as in claim 7 wherein the permission from the original digitalrights management system is pre-approved.
 13. A method as in claim 7wherein upgrading access comprises at least one of extending thelifetime of the license, enabling new rights, enabling new exports,enabling move operation or restoration operation to another machine, orany combination thereof.
 14. A method as in claim 7 wherein enabling newrights comprises allowing additional copy.
 15. A method as in claim 7wherein enabling new exports comprises additional bridging.
 16. A methodas in claim 7 wherein the media comprises an original license which isto be included in a communication between the secondary digital rightsmanagement system and the original digital rights management system toget permission for upgrading the media access.
 17. A method as in claim7 wherein the media comprises an original license which is to beextracted and replaced with an upgrade license.
 18. A method as in claim7 wherein the media comprises an original license which is to be used tolog or authorize the upgrade access transaction.
 19. A method for aclient of a secondary digital rights management system to get upgradedaccess to a media originated from an original digital rights managementsystem, the media stored within the access of the client of thesecondary digital rights management system, the media sent through abridge from the original to the secondary digital rights managementsystem and being translated so that the secondary digital rightsmanagement system can modify the access, the method comprising:contacting an upgrade server of the secondary digital rights managementsystem to get new rights to the media; upgrading the access to the mediaof the client of the secondary digital rights management system, theaccess upgrading achieved with permission from the original digitalrights management system.
 20. A method as in claim 19 wherein thetranslation process through the bridge comprises adding a license fromthe secondary digital rights management system.
 21. A method as in claim19 wherein the license from the secondary digital rights managementsystem comprises additional license renewal data.
 22. A method as inclaim 19 wherein the license renewal data are cryptographically linkedto the license.
 23. A method as in claim 19 wherein the license renewaldata are secured by the secondary digital rights management system, theoriginal digital rights management system, or both.
 24. A method as inclaim 19 wherein the license renewal data comprise subscriberidentification data, event identification data, time stamp, deviceidentification data, renewal traceability data, restore data, encryptedcontent key, or any combination thereof.
 25. An apparatus repurposing amedia, the media originated from an original digital rights managementsystem and passed through a bridge to be under the protection of asecondary digital rights management system, the apparatus comprising: aprocessor; a memory coupled with said processor, said memory havingcontained therein sequences of instructions which, when executed by saidprocessor, cause said processor to perform: upgrading the media accessfrom the secondary digital rights management system with permission fromthe original digital rights management system.
 26. An apparatus as inclaim 25 wherein the permission from the original digital rightsmanagement system comprises an approval from the original digital rightsmanagement system during a communication between the secondary digitalrights management system and the original digital rights managementsystem.
 27. An apparatus as in claim 25 wherein the permission from theoriginal digital rights management system is pre-approved.
 28. Anapparatus as in claim 25 wherein upgrading access comprises at least oneof extending the lifetime of the license, enabling new rights, enablingnew exports, enabling move operation or restoration operation to anothermachine, or any combination thereof.
 29. An apparatus as in claim 25wherein the media comprises an original license which is to be includedin a communication between the secondary digital rights managementsystem and the original digital rights management system to getpermission for upgrading media access.
 30. An apparatus for a client ofa secondary digital rights management system to get upgraded access to amedia originated from an original digital rights management system, themedia stored within the access of the client of the secondary digitalrights management system, and the media sent through a bridge from theoriginal to the secondary digital rights management systems, theapparatus comprising: a processor; a memory coupled with said processor,said memory having contained therein sequences of instructions which,when executed by said processor, cause said processor to perform:contacting the secondary digital rights management system to get anupgraded license or rights; upgrading the access to the media of theclient of the secondary digital rights management system, the accessupgrading process achieved with permission from the original digitalrights management system.
 31. An apparatus as in claim 30 wherein thecontacting process comprises sending a request from a client of thesecondary digital rights management system to an upgrade server of thesecondary digital rights management system; communicating between theupgrade server of the secondary digital rights management system and theoriginal digital rights management system to get the upgrade license orrights.
 32. An apparatus as in claim 30 wherein the upgrade server ofthe secondary digital rights management system comprises the server inthe bridge, or a separate independent server.
 33. An apparatus as inclaim 30 wherein the original digital rights management system for thecommunication comprising the server sending the media, or a separatebilling or upgrade server of the original digital rights managementsystem.
 34. An apparatus as in claim 30 wherein the communicationcomprises passing information through the bridge, or to an independentserver of the secondary digital rights management system before reachingthe original digital rights management system.
 35. An apparatus as inclaim 30 wherein the permission from the original digital rightsmanagement system comprises an approval from the original digital rightsmanagement system during a communication between the secondary digitalrights management system and the original digital rights managementsystem.
 36. An apparatus as in claim 30 wherein the permission from theoriginal digital rights management system is pre-approved.
 37. Anapparatus as in claim 30 wherein upgrading access comprises at least oneof extending the lifetime of the license, enabling new rights, enablingnew exports, enabling move operation or restoration operation to anothermachine, or any combination thereof.
 38. An apparatus as in claim 30wherein enabling new rights comprises allowing additional copy.
 39. Anapparatus as in claim 30 wherein enabling new exports comprisesadditional bridging.
 40. An apparatus as in claim 30 wherein the mediacomprises an original license which is to be included in a communicationbetween the secondary digital rights management system and the originaldigital rights management system to get permission for upgrading themedia access.
 41. An apparatus as in claim 30 wherein the mediacomprises an original license which is to be extracted and replaced withan upgrade license.
 42. An apparatus as in claim 30 wherein the mediacomprises an original license which is to be used to log or authorizethe upgrade access transaction.
 43. An apparatus for a client of asecondary digital rights management system to get upgraded access to amedia originated from an original digital rights management system, themedia stored within the access of the client of the secondary digitalrights management system, the media sent through a bridge from theoriginal to the secondary digital rights management system and beingtranslated so that the secondary digital rights management system canmodify the access, the apparatus comprising: a processor; a memorycoupled with said processor, said memory having contained thereinsequences of instructions which, when executed by said processor, causesaid processor to perform: contacting an upgrade server of the secondarydigital rights management system to get new rights to the media;upgrading the access to the media of the client of the secondary digitalrights management system, the access upgrading achieved with permissionfrom the original digital rights management system.
 44. An apparatus asin claim 43 wherein the translation process through the bridge comprisesadding a license from the secondary digital rights management system.45. An apparatus as in claim 43 wherein the license from the secondarydigital rights management system comprises additional license renewaldata.
 46. An apparatus as in claim 43 wherein the license renewal dataare cryptographically linked to the license.
 47. An apparatus as inclaim 43 wherein the license renewal data are secured by the secondarydigital rights management system, the original digital rights managementsystem, or both.
 48. An apparatus as in claim 43 wherein the licenserenewal data comprise subscriber identification data, eventidentification data, time stamp, device identification data, renewaltraceability data, restore data, encrypted content key, or anycombination thereof.
 49. A machine readable medium containing machineexecutable program instructions which, when executed by a dataprocessing system, cause the data processing system to perform a methodfor repurposing a media, the media originated from an original digitalrights management system and passed through a bridge to be under theprotection of a secondary digital rights management system, the methodcomprising: upgrading the media access from the secondary digital rightsmanagement system with permission from the original digital rightsmanagement system.
 50. A medium as in claim 49 wherein the permissionfrom the original digital rights management system comprises an approvalfrom the original digital rights management system during acommunication between the secondary digital rights management system andthe original digital rights management system.
 51. A medium as in claim49 wherein the permission from the original digital rights managementsystem is pre-approved.
 52. A medium as in claim 49 wherein upgradingaccess comprises at least one of extending the lifetime of the license,enabling new rights, enabling new exports, enabling move operation orrestoration operation to another machine, or any combination thereof.53. A medium as in claim 49 wherein the media comprises an originallicense which is to be included in a communication between the secondarydigital rights management system and the original digital rightsmanagement system to get permission for upgrading media access.
 54. Amachine readable medium containing machine executable programinstructions which, when executed by a data processing system, cause thedata processing system to perform a method, the method to be used for aclient of a secondary digital rights management system to get upgradedaccess to a media originated from an original digital rights managementsystem, the media stored within the access of the client of thesecondary digital rights management system, and the media sent through abridge from the original to the secondary digital rights managementsystems, the method comprising: contacting the secondary digital rightsmanagement system to get an upgraded license or rights; upgrading theaccess to the media of the client of the secondary digital rightsmanagement system, the access upgrading process achieved with permissionfrom the original digital rights management system.
 55. A medium as inclaim 54 wherein the contacting process comprises sending a request froma client of the secondary digital rights management system to an upgradeserver of the secondary digital rights management system; communicatingbetween the upgrade server of the secondary digital rights managementsystem and the original digital rights management system to get theupgrade license or rights.
 56. A medium as in claim 54 wherein theupgrade server of the secondary digital rights management systemcomprises the server in the bridge, or a separate independent server.57. A medium as in claim 54 wherein the original digital rightsmanagement system for the communication comprising the server sendingthe media, or a separate billing or upgrade server of the originaldigital rights management system.
 58. A medium as in claim 54 whereinthe communication comprises passing information through the bridge, orto an independent server of the secondary digital rights managementsystem before reaching the original digital rights management system.59. A medium as in claim 54 wherein the permission from the originaldigital rights management system comprises an approval from the originaldigital rights management system during a communication between thesecondary digital rights management system and the original digitalrights management system.
 60. A medium as in claim 54 wherein thepermission from the original digital rights management system ispre-approved.
 61. A medium as in claim 54 wherein upgrading accesscomprises at least one of extending the lifetime of the license,enabling new rights, enabling new exports, enabling move operation orrestoration operation to another machine, or any combination thereof.62. A medium as in claim 54 wherein enabling new rights comprisesallowing additional copy.
 63. A medium as in claim 54 wherein enablingnew exports comprises additional bridging.
 64. A medium as in claim 54wherein the media comprises an original license which is to be includedin a communication between the secondary digital rights managementsystem and the original digital rights management system to getpermission for upgrading the media access.
 65. A medium as in claim 54wherein the media comprises an original license which is to be extractedand replaced with an upgrade license.
 66. A medium as in claim 54wherein the media comprises an original license which is to be used tolog or authorize the upgrade access transaction.
 67. A machine readablemedium containing machine executable program instructions which, whenexecuted by a data processing system, cause the data processing systemto perform a method, the method to be used for a client of a secondarydigital rights management system to get upgraded access to a mediaoriginated from an original digital rights management system, the mediastored within the access of the client of the secondary digital rightsmanagement system, the media sent through a bridge from the original tothe secondary digital rights management system and being translated sothat the secondary digital rights management system can modify theaccess, the method comprising: contacting an upgrade server of thesecondary digital rights management system to get new rights to themedia; upgrading the access to the media of the client of the secondarydigital rights management system, the access upgrading achieved withpermission from the original digital rights management system.
 68. Amedium as in claim 67 wherein the translation process through the bridgecomprises adding a license from the secondary digital rights managementsystem.
 69. A medium as in claim 67 wherein the license from thesecondary digital rights management system comprises additional licenserenewal data.
 70. A medium as in claim 67 wherein the license renewaldata are cryptographically linked to the license.
 71. A medium as inclaim 67 wherein the license renewal data are secured by the secondarydigital rights management system, the original digital rights managementsystem, or both.
 72. A medium as in claim 67 wherein the license renewaldata comprise subscriber identification data, event identification data,time stamp, device identification data, renewal traceability data,restore data, encrypted content key, or any combination thereof.
 73. Amethod of repurposing a media originated from an original digital rightsmanagement (DRM) system and passed through a bridge to be under theprotection of a secondary DRM, the method performed by at least onesystem of the original DRM, the method comprising: receiving a requestto upgrade the media from a system in the secondary DRM; transmitting apermission from the at least one system of the original DRM in responseto the request.
 74. A method of repurposing a media originated from anoriginal digital rights management (DRM) system and passed through abridge to be under the protection of a secondary DRM, the methodperformed by at least one component of the bridge, the methodcomprising: receiving a request to upgrade the media from a system inthe secondary DRM; transmitting the request to a system in the originalDRM; receiving a response to the request to upgrade the media.